﻿Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by binbou (2016-04-26 14:24:24)
Running from C:\Users\binbou\Desktop
Windows 10 Pro Version 1511 (X64) (2016-03-19 17:56:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-251535765-3455047353-1158782257-500 - Administrator - Disabled)
binbou (S-1-5-21-251535765-3455047353-1158782257-1001 - Administrator - Enabled) => C:\Users\binbou
DefaultAccount (S-1-5-21-251535765-3455047353-1158782257-503 - Limited - Disabled)
Guest (S-1-5-21-251535765-3455047353-1158782257-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.45 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Raptr (HKLM-x32\...\Raptr) (Version: 5.1.2-r111396-release - Raptr, Inc)
SafeZone Stable 1.48.2066.95 (x32 Version: 1.48.2066.95 - Avast Software) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-251535765-3455047353-1158782257-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\binbou\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {34388CBB-BC65-49E2-A665-C52BFC0DD77F} - System32\Tasks\SafeZone scheduled Autoupdate 1459017092 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-08] (Avast Software)
Task: {4C9FFF6A-95A1-408A-956C-9BD6B8A0A209} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-26] (AVAST Software)
Task: {5A79AD19-51A5-45E9-BED5-B9374993CD76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-25] (Google Inc.)
Task: {69D552E8-0B26-4854-BF9D-00683F8D07B4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {8BA1BD4E-A2F9-4572-AFEB-13C9BD5FE7A3} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-04-04] (Advanced Micro Devices, Inc.)
Task: {9DF3CF24-6375-435C-9D43-13F38365E56E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-25] (Google Inc.)
Task: {F50CEA20-89C2-46DE-8BB4-3304FD47E439} - System32\Tasks\SpyHunter4Startup => D:\Programy\Spyhunter\App\SpyHunter\SpyHunter4.exe [2015-06-23] (Enigma Software Group USA, LLC.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-04-12 21:55 - 2016-03-29 12:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-12 21:55 - 2016-03-29 12:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-04-19 17:23 - 2016-04-19 17:23 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-03-19 20:34 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 21:54 - 2016-04-02 05:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-04-12 21:55 - 2016-04-02 05:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 21:54 - 2016-04-02 04:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-12 21:55 - 2016-04-02 04:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 21:55 - 2016-04-02 05:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-26 12:32 - 2016-03-26 12:32 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-26 12:32 - 2016-03-26 12:32 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-25 16:19 - 2016-04-25 16:19 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16042500\algo.dll
2016-04-15 12:35 - 2016-04-15 12:35 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-25 21:32 - 2016-04-25 21:32 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16042502\algo.dll
2016-03-26 12:32 - 2016-03-26 12:32 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-04-26 14:13 - 2016-04-26 14:13 - 02890752 _____ () C:\Program Files\AVAST Software\Avast\defs\16042601\algo.dll
2016-04-19 17:23 - 2016-04-19 17:23 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 17:23 - 2016-04-19 17:23 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-19 14:03 - 2015-12-19 14:03 - 00002560 _____ () C:\Windows\SYSTEM32\CTXFIRES.DLL
2016-03-26 12:32 - 2016-03-26 12:32 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 22:29 - 2015-10-21 22:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 22:29 - 2015-10-21 22:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PIL._imaging.pyd
2015-06-27 01:09 - 2015-06-27 01:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00024064 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32pipe.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-03-24 01:21 - 2016-03-24 01:21 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2015-10-30 09:21 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-251535765-3455047353-1158782257-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5EE72B71-8549-4EC0-9FBB-1DE747EA1E2A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{064AFA06-1750-40C2-9737-68E14439634A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{766D3A07-2A41-4FD7-8257-E11616C17988}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{31E7B5C9-ECC6-4C2F-AFD1-593329038EC6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{C70FA5E9-CD3C-4C7A-9F10-19B459C229D2}C:\hry\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe] => (Allow) C:\hry\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AADE6538-E31C-484E-BD03-90800115E145}C:\hry\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe] => (Allow) C:\hry\heroes of the storm\versions\base41150\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F31F28B3-85C8-432A-BAB2-B6B58D7416F6}D:\hry\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{0F712B8C-C1AA-4984-AAE6-7BF099171840}D:\hry\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{9F2F4B0E-3D57-4C86-90D2-2FE8CC701DBB}C:\hry\hearthstone\hearthstone.exe] => (Allow) C:\hry\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{B91997E5-24C9-4140-9A7B-318E046C908D}C:\hry\hearthstone\hearthstone.exe] => (Allow) C:\hry\hearthstone\hearthstone.exe
FirewallRules: [{5C6F3D2E-B1F1-4D8A-8CFA-D26FA981E578}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\Factorio.exe
FirewallRules: [{A5A14678-5095-4267-BE2C-D1543525847D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\Factorio.exe
FirewallRules: [{C315E844-8547-4C04-A85B-D679BD28697D}] => (Allow) C:\Users\binbou\AppData\Local\Temp\KMSnano\qemu-system-i386.exe
FirewallRules: [{4F502AFB-9E71-4AB9-8C77-81CE615D053E}] => (Allow) C:\Users\binbou\AppData\Local\Temp\KMSnano\qemu-system-i386.exe
FirewallRules: [TCP Query User{9F821DB4-9EA8-45E4-B436-80773907F3B9}C:\hry\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\hry\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DB42FC1F-52EF-499C-9845-D8A975E8E0AF}C:\hry\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\hry\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [{93DE4216-7D85-4143-84E9-7AB5ADDD539C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3B5FB18E-3F1F-4B63-903A-15B31600B1BA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DBBC5644-5746-4BDF-BC08-595EDF26CED8}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{CCB3B2D2-1977-4ACD-BF54-A73D03D53756}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{9DC0ACAE-CFD4-4E91-B55A-BB74178C047F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{8BBDE2AD-3FC2-4700-930F-8BF6F630791E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{A996E2E6-6C39-4A21-AC90-CCA10EC4B0D8}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{A5C13FBA-A666-47ED-B33D-9415622081B0}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{02311D7F-47A0-4A0A-9CC3-6C85845D7728}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6659CF95-50E6-428C-849A-50FCEFD47878}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{74E2BA66-A05E-43CE-BAB6-B6D149C9AEF0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E20C7CFB-07DE-4D70-B929-0ACEC72432C8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{3F7E50AF-6A9F-41FE-ABCA-E9E783A4F4BD}C:\hry\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\hry\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{8BF1A208-5452-4189-8788-0D1B0D82B2AB}C:\hry\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\hry\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{CFD51F5A-C3DF-42EA-A842-6A8B80F4B887}C:\hry\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) C:\hry\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D4881772-A817-4F7A-B671-8E7E4A3B7B28}C:\hry\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) C:\hry\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{EE5EC46E-89F0-4C03-A388-C4EE21F23397}C:\hry\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\hry\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2C338372-BDD7-481C-B3D0-AC3507DC2B55}C:\hry\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\hry\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
FirewallRules: [{1B8A0802-3FF1-4CF1-A63B-6C9BB799BB06}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2016 09:37:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/25/2016 09:37:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/25/2016 09:37:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/25/2016 08:17:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/25/2016 08:17:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/25/2016 08:17:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/25/2016 08:11:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-TUAI081)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (04/25/2016 06:51:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/25/2016 06:51:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/25/2016 06:51:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (04/25/2016 11:14:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníAktivace{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)Není k dispoziciNení k dispozici

Error: (04/25/2016 09:47:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TUAI081)
Description: {8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}

Error: (04/25/2016 09:34:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby: 
%%1053

Error: (04/25/2016 09:34:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby gupdate bylo dosaženo časového limitu (30000 ms).

Error: (04/25/2016 09:31:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_28bae byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (04/25/2016 09:31:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníAktivace{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)Není k dispoziciNení k dispozici

Error: (04/25/2016 08:14:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby: 
%%1053

Error: (04/25/2016 08:14:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby gupdate bylo dosaženo časového limitu (30000 ms).

Error: (04/25/2016 08:11:46 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TUAI081)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (04/25/2016 08:11:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_2a461 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
  Date: 2016-04-25 21:59:28.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-111387.dll that did not meet the Store signing level requirements.

  Date: 2016-04-25 21:43:18.452
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-111387.dll that did not meet the Store signing level requirements.

  Date: 2016-04-25 21:43:18.440
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-111387.dll that did not meet the Store signing level requirements.

  Date: 2016-04-25 18:55:50.030
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-111387.dll that did not meet the Store signing level requirements.

  Date: 2016-04-25 18:54:10.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-111387.dll that did not meet the Store signing level requirements.

  Date: 2016-04-25 18:53:36.854
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-111387.dll that did not meet the Store signing level requirements.

  Date: 2016-04-20 07:37:55.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-111387.dll that did not meet the Store signing level requirements.

  Date: 2016-04-20 07:37:55.132
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-111387.dll that did not meet the Store signing level requirements.

  Date: 2016-04-20 07:37:45.884
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Raptr Inc\Raptr\ltc_help64-111387.dll that did not meet the Store signing level requirements.

  Date: 2016-04-19 23:03:20.740
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8191.11 MB
Available physical RAM: 5753.12 MB
Total Virtual: 9471.11 MB
Available Virtual: 6104.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:68.67 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:465.76 GB) (Free:98.39 GB) NTFS
Drive g: (FreeAgent Drive) (Fixed) (Total:298.09 GB) (Free:14.43 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================